The only way to unlock a handset lock on a iphone 4s or 5 is to submit it over to Apple. Join the cue- according to IACIS members, American law enforcement are experiencing backlogs with Apple.

So there is some sort of back door?

But just NOT available to 'all and sundry'.

Generally, this question has been raised/asked for many, many years.

Having worked in mobile 'phone development (in my past), devices that have security settings have what are known as 'exits' or 'escapes'. In mobile development they do not think in terms of "forensics" or "evidence". Development projects, e.g. meaning development handsets, are the focus. Checking security means you cannot lock, permanently, every 'test handset' under development, so 'exits' are built in, which saves on 'prototypes' being produced, and means diagnostics etc can be performed. Colloquially speaking 'exits' are 'backdoors'. So are there backdoors in handsets? Of course there are and well-known manufacturers have a different approach not only for testing but for other requirements, too.

As far as we know there are no back doors inserted by Apple. One of the main hurdles for companies trying to acquire data from Apple devices is getting their code running on the platform. This is hard because Apple only allows code that has been verified and approved (signed) by them to run. Code signatures are trivial for Apple to bypass as they can approve whatever code they want. Once you have your code running on the platform you can basically read whatever data you want. So you're free to read the memory chips and pass that data back over USB. This is as I said trivial for Apple as they have the secret keys required to get their code running and they're familiar with the platform so creating code to read the memory chips and send it out over USB is also trivial. So this Apple can help you with.

Now the next problem is that the user data file system contained on these chips is encrypted with a key stored in the effaceable area. Once the data has been decrypted you have the file system in plain text. This Apple can help you with.

Trying to examine the files you run into another issue, some of the files are encrypted. These files are in different protection classes with differently calculated keys. Some of those keys are calculated from multiple factors, for example a combination of device specific keys and the user passcode. Once you've figured out the passcode you can decrypt all files. This Apple really can't help you with if the passcode can't be trivially guessed.

Another issue is restoring deleted information from the file system. Deletion of a file is as simple as marking the file deleted in the file system and throwing away the decryption key. Deleting the entire file system is as simple as throwing away the decryption key to it.

The steps Apple can help you with is getting the data out of the device, decrypt the file system and try to guess the passcode in order to decrypt some of the files.

This is about as secure, in my opinion, as you can reasonably expect from a platform which is always on, always ready.

Correct me if I made a mistake somewhere as I'm writing all of this from memory.
_________________Peter Andersson, MSAB